I write about cybersecurity and crime as part of the Forbes tech team. Before delving into cybercrime, I covered crimes ranging from murder to armed robberies at Taco Bell and the Dollar Store as a local crime reporter at the Victor Valley Daily Press in Southern California. I graduated from Harvard with a degree in History and Literature. I spent most of my childhood in a village in the Democratic Republic of Congo, where I was able to witness the explosion of technology in a remote area with the construction of the village’s first cell phone tower in 2007. Contact me at kvinton@forbes.com and follow me on Twitter @kate_vinton.

Data Breach Bulletin: Home Depot Credit Card Breach Could Prove To Be Larger Than Target Breach

Home Depot – Home Depot may be the latest in what is becoming an increasingly long list of retailers hit with credit card breaches this year, Brian Krebs reported on Tuesday. Some banks say the breach extends back to late April or early May 2014. If this is true, the Home Depot breach could end up being much larger than the now-infamous Target breach. Home Depot spokesperson Paula Drake confirmed that the company is investigating a potential breach. Krebs believes this breach may come from the same Eastern European hackers responsible for the Target breach and others.

iCloud – After nude celebrity photos were leaked over the weekend—allegedly from celebrity iCloud accounts—Apple issued a statement on Tuesday, saying that the attack was a result of “a very targeted attack on user names, passwords and security questions.” The statement says that the photos were not leaked as part of a larger breach to Apple’s iCloud or Find My iPhone systems. Many have speculated that hackers might have gained access to celebrity iCloud accounts through an iCloud vulnerability that made it possible to endlessly submit usernames and passwords to iCloud through the Find My iPhone API. (Apple has now patched the vulnerability.) The breach has generated a lot of discussion around privacy—unsurprising given the sensitive nature of the photos and the high profile of the celebrities involved. While some have blamed the celebrities for taking the photos or failing to use strong iCloud passwords, others argue that nude photos are part of the digital age and the fault lies entirely with the hackers who leaked the photos.

JP Morgan Chase – Last week, the FBI announced that it was investigating a cyber attack against JP Morgan Chase and other banks. As of Tuesday, the FBI says that JP Morgan Chase appears to be the only bank affected by the cyber attack, according to the Wall Street Journal. While the attack may have begun months ago, it was only discovered recently through a routine investigation, according to USA Today. Sources close to the investigation told Bloomberg last week that the attack was likely the work of Russian hackers “as a possible retaliation for government-sponsored sanctions.” JP Morgan Chase says it spends $250 million on cyber security every year, and will have approximately 1000 employees focused on cyber security by the end of 2014.

Dairy Queen – Last week, Brian Krebs reported that Dairy Queen might have been hit with a credit card breach, according to financial sources that were investigating credit card fraud at several Dairy Queen locations. While Dairy Queen originally claimed no knowledge of the breach, the company eventually admitted that “customer data at a small number of stores may be at risk.” According to one of Krebs’ sources, a credit union in the Midwest, at least 50 customers have been affected by the breach, which may have begun as early as May 2014.

Racing Post – Nearly 700,000 UK customers were affected by a breach to a daily newspaper covering horses and racing, according to the UK’s Information Commissioner’s Office (ICO). The ICO said that 677,000 customers’ names and passwords were leaked after an SQL injection attack in November 2013. The ICO sharply criticized Racing Post for its security, saying that the newspaper had taken “no steps to keep abreast of security developments” creating an “unacceptable level of risk of inappropriate processing.” According to SC Magazine, Racing Post is avoiding fines because no financial information was stolen in the breach.

OTTO Pizzeria – Nine hundred people who just wanted a slice of pizza from OTTO Pizzeria in Portland, Maine, have now been notified that their information may have been compromised in a data breach. According to a post on OTTO’s website, the breach was a result of malware installed on credit card terminals between May 1 and August 13, 2014. In an FAQ, OTTO’s asked a question on many people’s minds after hearing about a breach: “Why did it take over two months to discover the breach?” The answer is less encouraging—OTTO’s cites statistics from a Verizon Report, which states that 99% of attacks are not discovered by retailers themselves, and that 85% of breaches take weeks to discover. While it’s good to know that OTTO’s is no worse than the majority of retailers when it comes to discovering and responding to data breaches, that is hardly something to celebrate.

Cedars-Sinai Health Systems – An unencrypted laptop—which violated Cedars-Sinai Health Systems’ device policy—was stolen from the home of an employee last week, exposing more than 500 patients’ Social Security numbers. According to Cedars-Sinai, some patient information may have been stored in temporary files on the hard drive of the laptop, which the employee brought home to do additional work. Cedars-Sinai does not believe that there has been any unauthorized access to patient information, but is notifying everyone who may have been affected by the theft.
